Panel employs full-court press for cybersecurity

An expert commission plans to continue its effort to see recommendations for cybersecurity implemented governmentwide

By William Jackson

Feb 09, 2009

Members of the panel that offered the Obama administration a blueprint for improving the nation’s cybersecurity say they want to have a voice in shaping the government’s information technology policy.

In its December 2008 report, the Commission on Cyber Security for the 44th Presidency concluded that the nation’s cyber infrastructure is too fragile and too critical to be trusted to individual agencies, and protecting that infrastructure requires a comprehensive strategy directed by the White House.

In a recent statement, the Center for Strategic and International Studies (CSIS), which established the commission, said, “The new administration has cybersecurity high on its agenda, and it is making a serious effort to take what has already been done and improve our national cyber posture. But there is much to be done. Building cybersecurity will be a long-term effort.”

Some panel members want to continue the dialog with government officials through an ongoing series of meetings. Denise Zheng, program coordinator and research assistant for technology and public policy at CSIS, said that although the program’s details are still being discussed, the members envision continuing the public format in which the commission developed its report.

CSIS established the commission in 2007 in response to the growing challenges to government information systems. Its goal was to produce concrete recommendations that the new administration could implement quickly. The commission’s co-chairmen were Rep. Jim Langevin (D-R.I.), then chairman of the House Homeland Security Committee’s Emerging Threats, Cybersecurity, and Science and Technology Subcommittee; Rep. Michael McCaul (R-Texas), the subcommittee’s former ranking member; retired Air Force Lt. Gen. Harry Raduege, chairman of the Deloitte Center for Network Innovation at Deloitte and Touche; and Scott Charney, corporate vice president of Microsoft’s Trustworthy Computing Group. The commission also included 50 other members from government, industry and academia. James Lewis, director of technology and public policy at CSIS, served as project director.

The commission held 19 briefings to gather data in the past year. Its primary findings were that cybersecurity is a major national security issue, but that in addressing it, the government must respect privacy and civil liberties concerns.

“Only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will improve the situation,” the commission members wrote in their report.

They recommended that the Homeland Security Department and the Office of Management and Budget, which took the lead on cybersecurity during the Bush administration, maintain their operational responsibilities. Meanwhile, a new National Office for Cyberspace and a new cybersecurity directorate at the National Security Council would take the overall lead on cybersecurity. The commission also recommended that the government build on President Bush’s Comprehensive National Cyber Security Initiative.

“While the CNCI is not comprehensive and unnecessary secrecy reduced its effect, we believe it is a good place to start,” the commissioners wrote in their report.

Among the topics panel members hope to discuss with government officials:

Provisions for cybersecurity in the stimulus package Congress is now considering.

Executive branch leadership on the issue.

Legislation that addresses the security of government systems, including reform of the Federal Information Security Management Act.

Review of law enforcement and investigative authorities related to cybersecurity.

A six-month report card on the government’s efforts to secure cyberspace.

Federal IT acquisition policies.

International standards and initiatives.

Classification of cyber initiatives.

Building an enduring security framework and public/private partnerships.